WHAT IS CLAIMED IS: 



1. In a network device, a method of performing NAT, comprising:

maintaining a plurality of routing tables, each of the plurality of routing tables being 
associated with a different virtual private network; 

receiving a packet, the packet including an IP source address and an IP destination 
address, the packet further including information indicating one of the plurality of routing 
tables to route the packet; 

performing NAT on the packet; 

identifying one of the plurality of routing tables to route the packet; 
identifying an entry in the one of the plurality of routing tables using the IP 
destination address; and 

routing the packet using the identified routing table entry. 

2. The method as recited in claim 1, wherein each virtual private network is associated 
with a different customer. 

3. The method as recited in claim 1, wherein the network device is associated with an 
ingress interface of a service provider network. 

4. The method as recited in claim 1, wherein the network device is associated with an 
egress interface of a service provider network. 

5. The method as recited in claim 1, wherein the network device is associated with a
service provider network. 

6. The method as recited in claim 1, wherein performing NAT on the packet comprises:
translating the IP source address from a private address to a public address when the
packet is received from a network device in a private network.

7. The method as recited in claim 1, wherein performing NAT on the packet comprises: 
translating the IP destination address from a public address to a private address when
the packet is received from a network device in a public network.

8. The method as recited in claim 7, wherein the network device in the public network 
provides one or more services to each virtual private network. 

9. The method as recited in claim 1, further comprising:

receiving a default route advertised by a network device providing one or more 
shared services available to each virtual private network; and 

updating each of the plurality of routing tables to include the default route to the 
network device providing one or more shared services available to each virtual private 
network. 

10. The method as recited in claim 1, wherein the packet includes an MPLS tag
indicating a virtual private network, and wherein identifying one of the routing tables
comprises:

ascertaining the virtual private network from the MPLS tag; and
identifying the one of the routing tables associated with the virtual private network.

11. The method as recited in claim 10, wherein the MPLS tag further identifies the
network device responsible for performing NAT and routing the packet.

12. The method as recited in claim 1, wherein the packet includes an MPLS tag
indicating a virtual private network, and wherein performing NAT on the packet comprises:
ascertaining the virtual private network from the MPLS tag;
identifying an entry in a translation table including the IP source address, the IP
destination address, and a virtual private network identifier identifying the virtual private
network; and

performing NAT on the packet using the entry in the translation table.

13. The method as recited in claim 12, wherein identifying one of the routing tables to 
route the packet comprises: 

identifying the one of the routing tables from the entry in the translation table.

14. In a network device, a method of performing NAT, comprising: 

maintaining a plurality of sets of routing information, each of the sets of routing
information being associated with a different virtual private network;

receiving a packet, the packet including an IP source address and an IP destination
address, the packet further including information indicating one of the plurality of routing
tables to route the packet;

performing NAT on the packet;
identifying an entry in one of the sets of routing information using the IP destination
address; and

routing the packet using the identified routing table entry.

15. The method as recited in claim 14, wherein each of the sets of routing information 
corresponding to each virtual private network is stored in a separate routing table.

16. The method as recited in claim 14, wherein each of the sets of routing information 
corresponding to each virtual private network is stored in a single routing table, wherein 
each entry in the routing table includes a VPN identifier identifying the corresponding
virtual private network.

17. The method as recited in claim 14, further comprising: 

receiving a default route advertised by a network device providing one or more 
shared services available to each virtual private network; and 

updating the sets of routing information to include the default route to the network
device providing one or more shared services available to each virtual private network.

18. The method as recited in claim 17, wherein updating the sets of routing information 
comprises: 

updating a single routing table to include the default route.



19. The method as recited in claim 18, wherein the single routing table is dedicated to 
storing default routes to shared services available to each virtual private network. 

20. The method as recited in claim 18, wherein the single routing table stores the sets of
routing information. 

21. The method as recited in claim 17, wherein updating the sets of routing information 
comprises updating a plurality of routing tables to include the default route, each of the
plurality of routing tables being associated with a different virtual private network.

22. A computer-readable medium storing thereon computer-readable instructions for 
performing NAT in a network device, comprising: 

instructions for maintaining a plurality of routing tables, each of the plurality of
routing tables being associated with a different virtual private network;

instructions for receiving a packet, the packet including an IP source address and an
IP destination address, the packet further including information indicating one of the
plurality of routing tables to route the packet;

instructions for performing NAT on the packet;

instructions for identifying one of the plurality of routing tables to route the packet;

instructions for identifying an entry in the one of the plurality of routing tables using
the IP destination address; and

instructions for routing the packet using the identified routing table entry.



23. A network device adapted for performing NAT, comprising: 

means for maintaining a plurality of routing tables, each of the plurality of routing 
tables being associated with a different virtual private network; 

means for receiving a packet, the packet including an IP source address and an IP 
destination address, the packet further including information indicating one of the plurality 
of routing tables to route the packet; 

means for performing NAT on the packet; 

means for identifying one of the plurality of routing tables to route the packet; 
means for identifying an entry in the one of the plurality of routing tables using the 
IP destination address; and 

means for routing the packet using the identified routing table entry. 

24. A network device adapted for performing NAT, comprising: 
a processor; and 

a memory, at least one of the processor and the memory being adapted for: 

maintaining a plurality of routing tables, each of the plurality of routing tables being
associated with a different virtual private network; 

receiving a packet, the packet including an IP source address and an IP destination 
address, the packet further including information indicating one of the plurality of routing 
tables to route the packet; 

performing NAT on the packet; 

identifying one of the plurality of routing tables to route the packet; 
identifying an entry in the one of the plurality of routing tables using the IP
destination address; and 

routing the packet using the identified routing table entry. 
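
Added example (not part of the claims and not code from the applicant): a Python sketch of the flow recited in claims 1, 6, 7, 9, 10, 12 and 13, showing how keying the translation table on the VPN identifier keeps two customers with the same private address isolated from each other. The labels, VPN names, addresses, next-hop names and function names are assumptions constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass

# All labels, VPN names, addresses and next hops are constructed sample values.
LABEL_TO_VPN = {100: "vpn-a", 200: "vpn-b"}  # MPLS tag -> VPN (claim 10)

# Translation table keyed by (VPN id, IP source, IP destination) (claim 12);
# the value is the public source address. Both customers reuse 10.0.0.5.
NAT_TABLE = {
    ("vpn-a", "10.0.0.5", "192.0.2.10"): "198.51.100.1",
    ("vpn-b", "10.0.0.5", "192.0.2.10"): "198.51.100.2",
}

# One routing table per VPN (claim 1), each with the default route to the
# shared-services device (claim 9).
ROUTES = {
    "vpn-a": {"10.0.0.0/24": "ce-a", "0.0.0.0/0": "shared-svc"},
    "vpn-b": {"10.0.0.0/24": "ce-b", "0.0.0.0/0": "shared-svc"},
}

@dataclass
class Packet:
    label: int
    src: str
    dst: str

def lookup(table, dst):
    """Longest-prefix match of dst within a single VPN's routing table."""
    addr = ipaddress.ip_address(dst)
    hits = [n for n in map(ipaddress.ip_network, table) if addr in n]
    if not hits:
        return None
    return table[str(max(hits, key=lambda n: n.prefixlen))]

def process(pkt):
    """Customer -> shared service: NAT the source, then route in the VPN's table."""
    vpn = LABEL_TO_VPN.get(pkt.label)
    if vpn is None:
        raise ValueError("unknown MPLS label: drop rather than guess a VPN")
    new_src = NAT_TABLE.get((vpn, pkt.src, pkt.dst))
    if new_src is None:
        raise ValueError("no translation entry for this VPN and flow")
    return new_src, pkt.dst, vpn, lookup(ROUTES[vpn], pkt.dst)

def process_return(src, dst):
    """Shared service -> customer: the translation entry names the VPN (claim 13)."""
    for (vpn, private, service), public in NAT_TABLE.items():
        if public == dst and service == src:
            return private, vpn, lookup(ROUTES[vpn], private)
    raise ValueError("no translation entry for this public address")
```

The unknown-label and missing-entry branches fail closed, so a packet can never be looked up in another customer's routing table by default.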